Hackread reports that major U.S. school districts have been subjected to ongoing sophisticated spearphishing attacks from the Tycoon and Storm-1575 threat operations since November.
Aside from using social engineering tactics and setting up spoofed sites with phishing-as-a-service tools, both Tycoon and Storm-1575 have also been leveraging adversary-in-the-middle phishing to circumvent multifactor authentication protections, according to a report from PIXM. Intrusions involved the delivery of phishing emails with password update lures that redirected victims to a convincing Microsoft password site, which then enabled credential exfiltration and requested two-factor authentication codes to bypass MFA.
The campaign comes amid mounting data security incidents in the U.S. education sector. In January, cybersecurity researcher Jeremiah Fowler discovered the exposure of more than 4 million sensitive student, parent, and school staff records as a result of misconfigured Raptor Technologies web buckets, followed the next month by the leak of 210,020 student and parent records related to the Online Voucher Application.